There are some better processes that would be used for some smaller groups of high-trust people competing with each other, but I think we don’t really have a good process for this particular use case of:
* Someone wants to publish something
* They are worried it might be an information hazard
* They want someone logical to look at it and assess that before they publish
I think it would be a useful service for someone to solve that problem. I am certainly feeling some pain from it right now, though I’m not sure how general it is. (I would think it’s pretty general, especially in biosecurity, and I don’t think there are good scalable processes in place right now.)
Hey, Lorenzo pointed me to this comment.
I work in InfoSec. The first step is defining what your threats are, and what you are trying to defend. I’ll be blunt: if large, highly capable geopolitical powers actively want to get your highly valuable information, beyond passive bulk collection, then they will be able to get it. I don’t quite know how to say this, but security is bad at what we do. If you want to keep something secret that they want as much as, say, nuclear secrets, then we don’t know how to do that, so that it will work with a high chance of success.
If your information is sensitive and confidential, but nation state actors only want it as much as, say, something that would give a press scandal, then there is opportunity. If you want to disclose infohazards safely, there’s a lot to learn from whistleblower publisher orgs (like WikiLeaks), and Citizen Lab.
The cheap, usable option is for someone to have an otherwise unused phone and create a Protonmail and Signal with it, and then publish those on any HTTPS website (like this forum), and then the info never gets forwarded from the phone. Publish the Protonmail PGP key, and make sure people email it from either Protonmail itself or if they understand PGP (so not normal Gmail). That gets everything to a device with minimal attack surface, and is reasonably user friendly.
If you have problems in this area, I can help.
Probably missing something obvious, but could they either:
* PGP encrypt it with the reviewer’s public key, and send it via email?
* Use an e2e encrypted messaging medium? (Don’t know which are trustworthy, but I’m sure there’s an expert consensus)

Or are those not user friendly enough?
I think this is a solved problem in infosec (but am probably missing something)
(+1 to “not user friendly”. Signal would be more user friendly, for example)
Protonmail and Signal are e2e encrypted messaging mediums.
But depending on how paranoid the users need to be, these systems might not provide enough guarantees, since you would need to trust the servers not to MITM. Unless you do some sort of in-person key exchange.
But I’m definitely not an expert. In general I think there are plenty of experts that know exactly how to handle these things and they’re pretty easy to contact.
Edit: I agree with acylhalide’s comment, if you have government-level actors this is potentially not enough.
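
Added example (not part of the thread): what an in-person or out-of-band key check amounts to mechanically. The OpenPGP v4 fingerprint is a SHA-1 hash over the public-key packet (RFC 4880, section 12.2), so a sender who compares the full fingerprint received over a trusted channel against the key a server handed them will notice a substituted key. The function names, `make_packet` and the two toy keys are hypothetical and constructed for illustration; they are not usable keys.

```python
import hashlib
import struct

def packet_body(packet: bytes) -> bytes:
    """Return the body of one binary OpenPGP public-key packet (tag 6)."""
    hdr = packet[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                        # new-format header
        tag, first = hdr & 0x3F, packet[1]
        if first < 192:                   # one-octet length
            start, length = 2, first
        elif first < 224:                 # two-octet length
            start, length = 3, ((first - 192) << 8) + packet[2] + 192
        else:                             # five-octet/partial: not handled here
            raise ValueError("unsupported length encoding")
    else:                                 # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = (1, 2, 4)[ltype]
        start, length = 1 + size, int.from_bytes(packet[1:1 + size], "big")
    if tag != 6:
        raise ValueError("not a public-key packet")
    body = packet[start:start + length]
    if len(body) != length or body[:1] != b"\x04":
        raise ValueError("truncated packet or not a v4 key")
    return body

def v4_fingerprint(packet: bytes) -> str:
    # SHA-1 over 0x99, the two-octet body length, then the body itself.
    body = packet_body(packet)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def matches(packet: bytes, trusted_fingerprint: str) -> bool:
    """Compare a downloaded key with a fingerprint obtained out of band."""
    expected = "".join(trusted_fingerprint.split()).upper()
    if len(expected) != 40:               # short key IDs are easy to collide
        raise ValueError("compare the full 40-hex fingerprint")
    return v4_fingerprint(packet) == expected

def make_packet(modulus: int) -> bytes:
    # Constructed toy RSA public-key packet (v4, fixed creation time, e = 65537).
    mpi = lambda n: struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", 1700000000) + b"\x01" + mpi(modulus) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body

REVIEWER_KEY = make_packet(0xC0FFEE1234567890ABCDEF)       # key the reviewer holds
SUBSTITUTED_KEY = make_packet(0xBADC0DE1234567890ABCDEF)   # key a server swapped in
```

`matches(SUBSTITUTED_KEY, v4_fingerprint(REVIEWER_KEY))` returns `False`, which is the signal to stop before encrypting anything to that key.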